Video conference: "Smile, you're on camera"

Video conferencing is a common way to carry out long distance international or domestic meetings.

During the reconnaissance phase of an external penetration test, IPV Security experts found a vulnerability that allows unauthorized access to the organization's video conference management system from the public Internet. The next stage was to exploit this vulnerability by silently participating in active video conferences. One of these conferences disclosed business confidential information not only through the video/audio feed itself, but also by a whiteboard share of a confidential MS Excel spreadsheet. The audit results provided the customer's Information Security professionals visibility to a high probability exploit and recommended an executable plan to mitigate it.